From 864164a0db8c76edc9ce828b46afaff827b313bf Mon Sep 17 00:00:00 2001
From: Mark Harding
Date: Fri, 7 Oct 2016 13:55:24 +0000
Subject: [PATCH] (fix): canEdit check before save on blogs
---
 plugins/blog/api/v1/blog.php | 7 +++++++
 1 file changed, 7 insertions(+)
diff --git a/plugins/blog/api/v1/blog.php b/plugins/blog/api/v1/blog.php
index 8ce1587373..07e64328a2 100644
--- a/plugins/blog/api/v1/blog.php
+++ b/plugins/blog/api/v1/blog.php
@@ -175,6 +175,13 @@ public function post($pages)
 //$blog->setMature($_POST['mature']);
 }
+ if (!$blog->canEdit()) {
+ return Factory::response([
+ 'status' => 'error',
+ 'message' => 'Sorry, you do not have permission'
+ ]);
+ }
+
 $blog->save();
 if (is_uploaded_file($_FILES['file']['tmp_name'])) {
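Review bot: The `canEdit()` guard added before `$blog->save()` appears to run only after the request's fields have been applied to `$blog` (the commented-out `setMature($_POST['mature'])` context line suggests the `$_POST`-driven setters sit just above), so the permission decision is made on an object the caller has already modified. If any of those setters can touch ownership or access fields, the check may be evaluated against request-supplied values; it is safer to run `if (!$blog->canEdit()) { return Factory::response([...]); }` immediately after the blog is loaded or constructed and before any setter. The start of `post()` is outside this hunk, so confirm where the entity is loaded and that the create path (a blog with no existing guid) still passes `canEdit()`. The file-upload branch after `save()` is now covered by the early return, which is worth stating in a comment such as `// Authorize before persisting or accepting an upload`.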